For a policy group, make sure the subject added to the group is a group, not individuals
GSH example
grouperSession = GrouperSession.startRootSession();
ruleGroup = GroupFinder.findByName(grouperSession, "test:testGroup", true);
AttributeAssign attributeAssign = ruleGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate();
attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
attributeValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
attributeValueDelegate.assignValue(RuleUtils.ruleIfConditionElName(), "\${safeSubject.sourceId != 'g:gsa'}");
attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.veto.name());
attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), "rule.entity.must.be.a.group");
attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "Entity must be a group");
String isValidString = attributeValueDelegate.retrieveValueString(RuleUtils.ruleValidName());
if (!GrouperUtil.equals("T", isValidString)) {throw new RuntimeException(isValidString);}
1 Comment
Chris Hyzer (upenn.edu)
so you are saying for all policy groups you only want groups added to them? across the board?